On September 21, 2010 01:09:49 pm Jason Forde wrote:
> Hello,
>
> I am at the early stages of building and testing a 2 Master directory
> server setup trying to work out what to do with the configuration directory
> server.
>
> I initially had it set up on one server1 with server2 using this, but then
> if server1 goes down the console access for server2 is broken. I have been
> trying to replicate the netscaperoot with little success (probably down to
> my confusion on what to put in the 'server2.inf' and ldif files) and
> wondered do I really have to replicate netscaperoot? What would be the
> implication of each master having their own netscaperoot and not
> replicating?
>
> It's quite a basic setup and we have 2 existing masters elsewhere set up like
> this, so if I don't need to do this I'd like to keep it simple and have 2
> separate netscaperoots - even if it meant having to update 2 separate
> servers, though I don't believe we have had to do this on the other
> deployment yet.
>
> Pointers appreciated.

When I'm setting up my MMR servers to replicate their databases (including
o=netscaperoot), I usually follow the following order (off the top of my
head anyhow).

1. Run setup-ds-admin.pl on one machine. (call this the master for now)
2. Set up and configure encryption on the master
3. Run setup-ds.pl on any other MMR servers.
4. Set up encryption on the other MMR servers. (confirm all the servers can
talk TLS/SSL to each other)
5. Create the o=netscaperoot suffix on the other servers (see ldif below)
6. Configure whatever replication agreements you want for o=netscaperoot
7. Init those agreements on the master (this should send o=netscaperoot to
all the other servers)
8. On the other servers, run register-ds-admin.pl and register the admin
server with itself (*not the master server*)

If you look on your master server's o=netscaperoot, you should see the
entries for the other servers as you register them.

From what I can tell, this will allow you (with some work) to point a server's
config directory to another server, but does not allow for automatic
failover to another configuration server if the local instance fails.

cat ns.ldif
--------
dn: cn="o=netscaperoot", cn=mapping tree, cn=config
changetype: add
nsslapd-state: backend
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: "o=netscaperoot"
cn: o=netscaperoot
nsslapd-backend: NetscapeRoot

dn: cn=NetscapeRoot, cn=ldbm database, cn=plugins, cn=config
changetype: add
objectclass: top
objectclass: extensibleObject
objectclass: nsBackendInstance
nsslapd-suffix: o=netscaperoot
cn: NetscapeRoot
--------

ldapadd -x -h TARGETSERVER -D "cn=directory manager" -W -f ldif/ns.ldif

Ryan Braun
Aviation and Defence Services Division
Chief Information Officer Branch, Environment Canada
CIV: 204-833-2500x2625 CSN: 257-2625 FAX: 204-833-2558
E-Mail: Ryan.Braun(a)ec.gc.ca
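
Steps 6 and 7 of the procedure above, as an added example that is not part of the original message or of the project's own tooling: shell functions that emit the LDIF for a replica entry and a TLS-protected replication agreement on o=netscaperoot. The agreement name, consumer host, replication bind DN, replica ID, port 636 and the REPL_BIND_PW variable are assumptions.

```shell
#!/bin/sh
# Added example: LDIF for steps 6 and 7 (replica entry plus one agreement
# for o=netscaperoot). Every argument value is a caller-supplied placeholder.

SUFFIX='o=netscaperoot'
# Same mapping-tree DN form as ns.ldif in the message above.
MAPPING_DN="cn=\"$SUFFIX\", cn=mapping tree, cn=config"

# netscaperoot_replica_ldif REPLICA_ID BIND_DN
# Marks the suffix as a read-write master (type 3) with a changelog (flags 1).
# BIND_DN is the only identity allowed to push updates to this server.
netscaperoot_replica_ldif() {
    cat <<EOF
dn: cn=replica,$MAPPING_DN
changetype: add
objectClass: top
objectClass: nsDS5Replica
cn: replica
nsDS5ReplicaRoot: $SUFFIX
nsDS5ReplicaId: $1
nsDS5ReplicaType: 3
nsDS5Flags: 1
nsDS5ReplicaBindDN: $2
EOF
}

# netscaperoot_agreement_ldif NAME CONSUMER_HOST BIND_DN [init]
# The bind password is read from REPL_BIND_PW (assumed variable name) so it
# never appears in the process list; generation aborts if it is unset.
netscaperoot_agreement_ldif() {
    cat <<EOF
dn: cn=$1,cn=replica,$MAPPING_DN
changetype: add
objectClass: top
objectClass: nsDS5ReplicationAgreement
cn: $1
nsDS5ReplicaRoot: $SUFFIX
nsDS5ReplicaHost: $2
nsDS5ReplicaPort: 636
nsDS5ReplicaTransportInfo: SSL
nsDS5ReplicaBindMethod: SIMPLE
nsDS5ReplicaBindDN: $3
nsDS5ReplicaCredentials: ${REPL_BIND_PW:?set REPL_BIND_PW}
EOF
    # Step 7: have the supplier initialize the consumer as soon as the entry is added.
    [ "$4" = init ] && echo 'nsds5BeginReplicaRefresh: start'
    return 0
}
```

The output of either function can be piped to the same `ldapadd -x -h TARGETSERVER -D "cn=directory manager" -W` invocation used for ns.ldif. Because the agreement carries a simple-bind password, it should only be created once step 4 has confirmed TLS works between the servers.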